Layer: kernel

Module: files

Interfaces

Description:

This module contains basic filesystem types and interfaces. This includes:

The concept of different file types including basic files, mount points, tmp files, etc.

Access to groups of files and all files.

Types and interfaces for the basic filesystem layout (/, /etc, /tmp, /usr, etc.).

This module is required to be included in all policies.

Interfaces:

files_add_entry_lock_dirs(
	
		domain
		
	)

Summary

Add entries in the /var/lock directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_append_var_files(
	
		domain
		
	)

Summary

Append files in the /var directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_associate_rootfs(
	
		file_type
		
	)

Summary

Associate to root file system.

Parameters

Parameter:	Description:
file_type	Type of the file to associate.

files_associate_tmp(
	
		file_type
		
	)

Summary

Allow the specified type to associate to a filesystem with the type of the temporary directory (/tmp).

Parameters

Parameter:	Description:
file_type	Type of the file to associate.

files_auth_file(
	
		file_type
		
	)

Summary

Mark the specified type as a file that is related to authentication.

Parameters

Parameter:	Description:
file_type	Type of the authentication-related file.

files_boot_filetrans(
	
		domain
		
			,
		
		private_type
		
			,
		
		object_class
		
			,
		
		name
		
	)

Summary

Create a private type object in boot with an automatic type transition

Parameters

Parameter:	Description:
domain	Domain allowed access.
private_type	The type of the object to be created.
object_class	The object class of the object being created.
name	The name of the object being created.

files_check_write_lock_dirs(
	
		domain
		
	)

Summary

Test write access on lock directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_check_write_runtime_dirs(
	
		domain
		
	)

Summary

Check write access on /var/run directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_config_file(
	
		file_type
		
	)

Summary

Make the specified type a configuration file.

Description

Make the specified type usable for configuration files. This will also make the type usable for files, making calls to files_type() redundant. Failure to use this interface for a temporary file may result in problems with configuration management tools.

Example usage with a domain that can read its configuration file /etc:

type myconffile_t; files_config_file(myconffile_t) allow mydomain_t myconffile_t:file read_file_perms; files_search_etc(mydomain_t)

Parameters

Parameter:	Description:
file_type	Type to be used as a configuration file.

files_create_all_files_as(
	
		domain
		
	)

Summary

Create all files as is.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_create_all_runtime_pipes(
	
		domain
		
	)

Summary

Create all runtime named pipes

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_create_all_runtime_sockets(
	
		domain
		
	)

Summary

Create all runtime sockets.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_create_all_spool_sockets(
	
		domain
		
	)

Summary

Create all spool sockets

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_create_boot_dirs(
	
		domain
		
	)

Summary

Create directories in /boot

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_create_boot_flag(
	
		domain
		
			,
		
		name
		
	)

Summary

Create a boot flag.

Description

Create a boot flag, such as /.autorelabel and /.autofsck.

Parameters

Parameter:	Description:
domain	Domain allowed access.
name	The name of the object being created.

files_create_kernel_img(
	
		domain
		
	)

Summary

Install a kernel into the /boot directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_create_kernel_symbol_table(
	
		domain
		
	)

Summary

Install a system.map into the /boot directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_create_lock_dirs(
	
		domain
		
	)

Summary

Create lock directories

Parameters

Parameter:	Description:
domain	Domain allowed access

files_create_non_security_dirs(
	
		domain
		
	)

Summary

Create non-security directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_create_non_security_files(
	
		domain
		
	)

Summary

Create all non-security files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_create_runtime_dirs(
	
		domain
		
	)

Summary

Create a /var/run directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_delete_all_locks(
	
		domain
		
	)

Summary

Delete all lock files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_delete_all_runtime_dirs(
	
		domain
		
	)

Summary

Delete all runtime dirs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_delete_all_runtime_files(
	
		domain
		
	)

Summary

Delete all runtime files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_delete_all_runtime_pipes(
	
		domain
		
	)

Summary

Delete all runtime named pipes

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_delete_all_runtime_sockets(
	
		domain
		
	)

Summary

Delete all runtime sockets.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_delete_all_runtime_symlinks(
	
		domain
		
	)

Summary

Delete all runtime symlinks.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_delete_all_spool_sockets(
	
		domain
		
	)

Summary

Delete all spool sockets

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_delete_boot_flag(
	
		domain
		
	)

Summary

Delete a boot flag.

Description

Delete a boot flag, such as /.autorelabel and /.autofsck.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_delete_etc_files(
	
		domain
		
	)

Summary

Delete system configuration files in /etc.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_delete_generic_locks(
	
		domain
		
	)

Summary

Delete generic lock files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_delete_kernel(
	
		domain
		
	)

Summary

Delete a kernel from /boot.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_delete_kernel_modules(
	
		domain
		
	)

Summary

Delete kernel module files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_delete_kernel_symbol_table(
	
		domain
		
	)

Summary

Delete a system.map in the /boot directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_delete_root_chr_files(
	
		domain
		
	)

Summary

Delete character device nodes in the root directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_delete_root_dir_entry(
	
		domain
		
	)

Summary

Remove entries from the root directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_delete_root_files(
	
		domain
		
	)

Summary

Delete files in the root directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_delete_root_symlinks(
	
		domain
		
	)

Summary

Delete symbolic links in the root directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_delete_runtime_symlinks(
	
		domain
		
	)

Summary

Delete generic runtime symlinks.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_delete_tmp_dir_entry(
	
		domain
		
	)

Summary

Remove entries from the tmp directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_delete_usr_dirs(
	
		domain
		
	)

Summary

Delete generic directories in /usr in the caller domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_delete_usr_files(
	
		domain
		
	)

Summary

Delete generic files in /usr in the caller domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_dontaudit_getattr_all_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of all directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_getattr_all_files(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of all files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_getattr_all_pipes(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of all named pipes.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_getattr_all_runtime_files(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of all runtime data files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_getattr_all_sockets(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of all named sockets.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_getattr_all_symlinks(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of all symbolic links.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_getattr_all_tmp_files(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of all tmp files.

Parameters

Parameter:	Description:
domain	Domain not to audit.

files_dontaudit_getattr_all_tmp_sockets(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of all tmp sock_file.

Parameters

Parameter:	Description:
domain	Domain not to audit.

files_dontaudit_getattr_boot_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to get attributes of the /boot directory.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_getattr_default_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of directories with the default file type.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_getattr_default_files(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of files with the default file type.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_getattr_home_dir(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of the home directories root (/home).

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_getattr_lost_found_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of lost+found directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_getattr_non_security_blk_files(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of non security block devices.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_getattr_non_security_chr_files(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of non security character devices.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_getattr_non_security_files(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of non security files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_getattr_non_security_pipes(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of non security named pipes.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_getattr_non_security_sockets(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of non security named sockets.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_getattr_non_security_symlinks(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of non security symbolic links.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_getattr_runtime_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of the /var/run directory.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_getattr_tmp_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of the tmp directory (/tmp).

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_dontaudit_ioctl_all_runtime_files(
	
		domain
		
	)

Summary

Do not audit attempts to ioctl all runtime files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_list_all_mountpoints(
	
		domain
		
	)

Summary

Do not audit listing of all mount points.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_list_boot(
	
		domain
		
	)

Summary

Do not audit attempts to list the /boot directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_dontaudit_list_default(
	
		domain
		
	)

Summary

Do not audit attempts to list contents of directories with the default file type.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_list_home(
	
		domain
		
	)

Summary

Do not audit attempts to list home directories root (/home).

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_list_mnt(
	
		domain
		
	)

Summary

Do not audit attempts to list the contents of /mnt.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_dontaudit_list_non_security(
	
		domain
		
	)

Summary

Do not audit attempts to list all non-security directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_list_tmp(
	
		domain
		
	)

Summary

Do not audit listing of the tmp directory (/tmp).

Parameters

Parameter:	Description:
domain	Domain not to audit.

files_dontaudit_list_var(
	
		domain
		
	)

Summary

Do not audit attempts to list the contents of /var.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_load_kernel_modules(
	
		domain
		
	)

Summary

Load kernel module files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_dontaudit_manage_etc_files(
	
		domain
		
	)

Summary

Do not audit attempts to create, read, write, and delete generic files in /etc.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_read_all_symlinks(
	
		domain
		
	)

Summary

Do not audit attempts to read all symbolic links.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_read_default_files(
	
		domain
		
	)

Summary

Do not audit attempts to read files with the default file type.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_read_etc_files(
	
		domain
		
	)

Summary

Do not audit attempts to read files in /etc

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_read_etc_runtime_files(
	
		domain
		
	)

Summary

Do not audit attempts to read files in /etc that are dynamically created on boot, such as mtab.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_read_root_files(
	
		domain
		
	)

Summary

Do not audit attempts to read files in the root directory.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_relabel_config_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to relabel configuration directories

Parameters

Parameter:	Description:
domain	Domain not to audit.

files_dontaudit_relabel_config_files(
	
		domain
		
	)

Summary

Do not audit attempts to relabel configuration files

Parameters

Parameter:	Description:
domain	Domain not to audit.

files_dontaudit_rw_root_chr_files(
	
		domain
		
	)

Summary

Do not audit attempts to read or write character device nodes in the root directory.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_rw_root_dir(
	
		domain
		
	)

Summary

Do not audit attempts to write files in the root directory.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_rw_root_files(
	
		domain
		
	)

Summary

Do not audit attempts to read or write files in the root directory.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_rw_usr_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to add and remove entries from /usr directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_rw_var_files(
	
		domain
		
	)

Summary

Do not audit attempts to read and write files in the /var directory.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_search_all_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to search the contents of any directories on extended attribute filesystems.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_search_all_mountpoints(
	
		domain
		
	)

Summary

Do not audit searching of all mount points.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_search_boot(
	
		domain
		
	)

Summary

Do not audit attempts to search the /boot directory.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_search_home(
	
		domain
		
	)

Summary

Do not audit attempts to search home directories root (/home).

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_search_locks(
	
		domain
		
	)

Summary

Do not audit attempts to search the locks directory (/var/lock).

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_search_mnt(
	
		domain
		
	)

Summary

Do not audit attempts to search /mnt.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_search_runtime(
	
		domain
		
	)

Summary

Do not audit attempts to search the /var/run directory.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_search_spool(
	
		domain
		
	)

Summary

Do not audit attempts to search generic spool directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_search_src(
	
		domain
		
	)

Summary

Do not audit attempts to search /usr/src.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_search_tmp(
	
		domain
		
	)

Summary

Do not audit attempts to search the tmp directory (/tmp).

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_search_var(
	
		domain
		
	)

Summary

Do not audit attempts to search the contents of /var.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_search_var_lib(
	
		domain
		
	)

Summary

Do not audit attempts to search the contents of /var/lib.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_setattr_all_mountpoints(
	
		domain
		
	)

Summary

Do not audit attempts to set the attributes on all mount points.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_setattr_etc_runtime_files(
	
		domain
		
	)

Summary

Do not audit attempts to set the attributes of the etc_runtime files

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_tmpfs_file_getattr(
	
		domain
		
	)

Summary

dontaudit getattr on tmpfs files

Parameters

Parameter:	Description:
domain	Domain to not have stat on tmpfs files audited

files_dontaudit_write_all_mountpoints(
	
		domain
		
	)

Summary

Do not audit attempts to write to mount points.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_write_all_runtime_files(
	
		domain
		
	)

Summary

Do not audit attempts to write to all runtime files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_write_etc_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to write to /etc dirs.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_write_etc_files(
	
		domain
		
	)

Summary

Do not audit attempts to write generic files in /etc.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_dontaudit_write_etc_runtime_files(
	
		domain
		
	)

Summary

Do not audit attempts to write etc runtime files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_write_root_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to write to / dirs.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_write_usr_dirs(
	
		domain
		
	)

Summary

Do not audit write of /usr dirs

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_write_usr_files(
	
		domain
		
	)

Summary

dontaudit write of /usr files

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_dontaudit_write_var_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to write to /var.

Parameters

Parameter:	Description:
domain	Domain to not audit.

files_etc_filetrans(
	
		domain
		
			,
		
		file_type
		
			,
		
		class
		
			,
		
		name
		
	)

Summary

Create objects in /etc with a private type using a type_transition.

Parameters

Parameter:	Description:
domain	Domain allowed access.
file_type	Private file type.
class	Object classes to be created.
name	The name of the object being created.

files_etc_filetrans_etc(
	
		domain
		
			,
		
		class
		
			,
		
		name
		
	)

Summary

Create objects in /etc with type etc_t with specified name to overide default transition

Parameters

Parameter:	Description:
domain	Domain allowed access.
class	Object classes to be created.
name	The name of the object being created.

files_etc_filetrans_etc_runtime(
	
		domain
		
			,
		
		object
		
			,
		
		name
		
	)

Summary

Create, etc runtime objects with an automatic type transition.

Parameters

Parameter:	Description:
domain	Domain allowed access.
object	The class of the object being created.
name	The name of the object being created.

files_exec_etc_files(
	
		domain
		
	)

Summary

Execute generic files in /etc.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_exec_root_files(
	
		domain
		
	)

Summary

Execute files in the root directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_exec_runtime(
	
		domain
		
	)

Summary

Execute generic programs in /var/run in the caller domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_exec_usr_files(
	
		domain
		
	)

Summary

Execute generic programs in /usr in the caller domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_exec_usr_src_files(
	
		domain
		
	)

Summary

Execute programs in /usr/src in the caller domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_execmod_all_files(
	
		domain
		
	)

Summary

Allow shared library text relocations in all files.

Description

Allow shared library text relocations in all files.

This is added to support WINE policy.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_get_etc_unit_status(
	
		domain
		
	)

Summary

Get etc_t service status.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_getattr_all_dirs(
	
		domain
		
	)

Summary

Get the attributes of all directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_getattr_all_file_type_fs(
	
		domain
		
	)

Summary

Get the attributes of all filesystems with the type of a file.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_getattr_all_files(
	
		domain
		
	)

Summary

Get the attributes of all files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_getattr_all_mountpoints(
	
		domain
		
	)

Summary

Get the attributes of all mount points.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_getattr_all_pipes(
	
		domain
		
	)

Summary

Get the attributes of all named pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_getattr_all_sockets(
	
		domain
		
	)

Summary

Get the attributes of all named sockets.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_getattr_all_symlinks(
	
		domain
		
	)

Summary

Get the attributes of all symbolic links.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_getattr_all_tmp_files(
	
		domain
		
	)

Summary

Allow attempts to get the attributes of all tmp files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_getattr_all_tmpfs_files(
	
		type
		
	)

Summary

Get the attributes of all tmpfs files.

Parameters

Parameter:	Description:
type	Domain allowed access.

files_getattr_boot_dirs(
	
		domain
		
	)

Summary

Get attributes of the /boot directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_getattr_boot_fs(
	
		domain
		
	)

Summary

Get the attributes of a filesystem mounted on /boot.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_getattr_default_dirs(
	
		domain
		
	)

Summary

Getattr of directories with the default file type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_getattr_etc_runtime_dirs(
	
		domain
		
	)

Summary

Get the attributes of the etc_runtime directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_getattr_generic_locks(
	
		domain
		
	)

Summary

Get the attributes of generic lock files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_getattr_home_dir(
	
		domain
		
	)

Summary

Get the attributes of the home directories root (/home).

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_getattr_kernel_modules(
	
		domain
		
	)

Summary

Get the attributes of kernel module files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_getattr_lost_found_dirs(
	
		domain
		
	)

Summary

Get the attributes of lost+found directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_getattr_rootfs(
	
		domain
		
	)

Summary

Get the attributes of a rootfs file system.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_getattr_tmp_dirs(
	
		domain
		
	)

Summary

Get the attributes of the tmp directory (/tmp).

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_getattr_usr_files(
	
		domain
		
	)

Summary

Get the attributes of files in /usr.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_getattr_usr_src_files(
	
		domain
		
	)

Summary

Get the attributes of files in /usr/src.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_getattr_var_lib_dirs(
	
		domain
		
	)

Summary

Get the attributes of the /var/lib directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_home_filetrans(
	
		domain
		
			,
		
		home_type
		
			,
		
		object
		
			,
		
		name
		
	)

Summary

Create objects in /home.

Parameters

Parameter:	Description:
domain	Domain allowed access.
home_type	The private type.
object	The class of the object being created.
name	The name of the object being created.

files_kernel_modules_filetrans(
	
		domain
		
			,
		
		private_type
		
			,
		
		object_class
		
			,
		
		name
		
	)

Summary

Create objects in the kernel module directories with a private type via an automatic type transition.

Parameters

Parameter:	Description:
domain	Domain allowed access.
private_type	The type of the object to be created.
object_class	The object class of the object being created.
name	The name of the object being created.

files_list_all(
	
		domain
		
	)

Summary

List the contents of all directories on extended attribute filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_list_all_mountpoints(
	
		domain
		
	)

Summary

List all mount points.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_list_all_tmp(
	
		domain
		
	)

Summary

List all tmp directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_list_boot(
	
		domain
		
	)

Summary

List the /boot directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_list_default(
	
		domain
		
	)

Summary

List contents of directories with the default file type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_list_etc(
	
		domain
		
	)

Summary

List the contents of /etc directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_list_home(
	
		domain
		
	)

Summary

Get listing of home directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_list_kernel_modules(
	
		domain
		
	)

Summary

List the contents of the kernel module directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_list_locks(
	
		domain
		
	)

Summary

List generic lock directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_list_lost_found(
	
		domain
		
	)

Summary

List the contents of lost+found directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_list_mnt(
	
		domain
		
	)

Summary

List the contents of /mnt.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_list_non_auth_dirs(
	
		domain
		
	)

Summary

Read all non-authentication related directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_list_non_security(
	
		domain
		
	)

Summary

List all non-security directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_list_root(
	
		domain
		
	)

Summary

List the contents of the root directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_list_runtime(
	
		domain
		
	)

Summary

List the contents of the runtime process ID directories (/var/run).

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_list_spool(
	
		domain
		
	)

Summary

List the contents of generic spool (/var/spool) directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_list_tmp(
	
		domain
		
	)

Summary

Read the tmp directory (/tmp).

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_list_usr(
	
		domain
		
	)

Summary

List the contents of generic directories in /usr.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_list_var(
	
		domain
		
	)

Summary

List the contents of /var.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_list_var_lib(
	
		domain
		
	)

Summary

List the contents of the /var/lib directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_list_world_readable(
	
		domain
		
	)

Summary

List world-readable directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_load_kernel_modules(
	
		domain
		
	)

Summary

Load kernel module files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_lock_file(
	
		type
		
	)

Summary

Make the specified type usable for lock files.

Parameters

Parameter:	Description:
type	Type to be used for lock files.

files_lock_filetrans(
	
		domain
		
			,
		
		private type
		
			,
		
		object
		
			,
		
		name
		
	)

Summary

Create an object in the locks directory, with a private type using a type transition.

Parameters

Parameter:	Description:
domain	Domain allowed access.
private type	The type of the object to be created.
object	The object class of the object being created.
name	The name of the object being created.

files_manage_all_files(
	
		domain
		
			,
		
		exception_types
		
	)

Summary

Manage all files on the filesystem, except the listed exceptions.

Parameters

Parameter:	Description:
domain	Domain allowed access.
exception_types	The types to be excluded. Each type or attribute must be negated by the caller.

files_manage_all_locks(
	
		domain
		
	)

Summary

manage all lock files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_all_runtime_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete all runtime directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_all_runtime_files(
	
		domain
		
	)

Summary

Create, read, write and delete all var_run (pid) files

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_all_runtime_symlinks(
	
		domain
		
	)

Summary

Create, read, write and delete all var_run (pid) symbolic links.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_boot_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete directories in /boot.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_boot_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files in the /boot directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_boot_symlinks(
	
		domain
		
	)

Summary

Create, read, write, and delete symbolic links in the /boot directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_config_dirs(
	
		domain
		
	)

Summary

Manage all configuration directories on filesystem

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_config_files(
	
		domain
		
	)

Summary

Manage all configuration files on filesystem

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_default_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete directories with the default file type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_default_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files with the default file type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_etc_dirs(
	
		domain
		
	)

Summary

Manage generic directories in /etc

Parameters

Parameter:	Description:
domain	Domain allowed access

files_manage_etc_files(
	
		domain
		
	)

Summary

Create, read, write, and delete generic files in /etc.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_etc_runtime_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files in /etc that are dynamically created on boot, such as mtab.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_etc_symlinks(
	
		domain
		
	)

Summary

Create, read, write, and delete symbolic links in /etc.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_generic_locks(
	
		domain
		
	)

Summary

Create, read, write, and delete generic lock files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_generic_spool(
	
		domain
		
	)

Summary

Create, read, write, and delete generic spool files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_generic_spool_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete generic spool directories (/var/spool).

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_generic_tmp_dirs(
	
		domain
		
	)

Summary

Manage temporary directories in /tmp.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_generic_tmp_files(
	
		domain
		
	)

Summary

Manage temporary files and directories in /tmp.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_kernel_modules(
	
		domain
		
	)

Summary

Create, read, write, and delete kernel module files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_lost_found(
	
		domain
		
	)

Summary

Create, read, write, and delete objects in lost+found directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_mnt_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete directories in /mnt.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_mnt_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files in /mnt.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_mnt_symlinks(
	
		domain
		
	)

Summary

Create, read, write, and delete symbolic links in /mnt.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_mounttab(
	
		domain
		
	)

Summary

Allow domain to manage mount tables necessary for rpcd, nfsd, etc.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_non_auth_files(
	
		domain
		
	)

Summary

Manage non-authentication related files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_non_security_dirs(
	
		domain
		
	)

Summary

Allow attempts to manage non-security directories

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_non_security_files(
	
		domain
		
	)

Summary

Create, read, write, and delete all non-security files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_root_dir(
	
		domain
		
	)

Summary

Manage the root directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_urandom_seed(
	
		domain
		
	)

Summary

Create, read, write, and delete the pseudorandom number generator seed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_usr_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files in the /usr directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_var_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete directories in the /var directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_var_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files in the /var directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_var_lib_dirs(
	
		domain
		
	)

Summary

manage var_lib_t dirs

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_manage_var_symlinks(
	
		domain
		
	)

Summary

Create, read, write, and delete symbolic links in the /var directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_map_etc_files(
	
		domain
		
	)

Summary

Map generic files in /etc.

Description

Allow the specified domain to map generic files in /etc.

Related interfaces:

files_read_etc_files()

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_map_non_auth_files(
	
		domain
		
	)

Summary

Mmap non-authentication related files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_map_usr_files(
	
		domain
		
	)

Summary

Map generic files in /usr.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_map_var_lib_files(
	
		domain
		
	)

Summary

map generic files in /var/lib.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_mmap_read_kernel_modules(
	
		domain
		
	)

Summary

Read and mmap kernel module files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_mount_all_file_type_fs(
	
		domain
		
	)

Summary

Mount all filesystems with the type of a file.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_mounton_all_mountpoints(
	
		domain
		
	)

Summary

Mount a filesystem on all mount points.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_mounton_all_poly_members(
	
		domain
		
	)

Summary

Mount filesystems on all polyinstantiation member directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_mounton_default(
	
		domain
		
	)

Summary

Mount a filesystem on a directory with the default file type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_mounton_etc_dirs(
	
		domain
		
	)

Summary

Mount a filesystem on the etc directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_mounton_etc_runtime_dirs(
	
		domain
		
	)

Summary

Mount a filesystem on the etc_runtime directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_mounton_kernel_symbol_table(
	
		domain
		
	)

Summary

Delete a system.map in the /boot directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_mounton_mnt(
	
		domain
		
	)

Summary

Mount a filesystem on /mnt.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_mounton_non_security(
	
		domain
		
	)

Summary

Mount a filesystem on all non-security directories and files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_mounton_root(
	
		domain
		
	)

Summary

Mount on the root directory (/)

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_mounton_runtime_dirs(
	
		domain
		
	)

Summary

mounton a /var/run directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_mounton_tmp(
	
		domain
		
	)

Summary

Mount filesystems in the tmp directory (/tmp)

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_mountpoint(
	
		type
		
	)

Summary

Make the specified type usable for filesystem mount points.

Parameters

Parameter:	Description:
type	Type to be used for mount points.

files_poly(
	
		file_type
		
	)

Summary

Make the specified type a polyinstantiated directory.

Parameters

Parameter:	Description:
file_type	Type of the file to be used as a polyinstantiated directory.

files_poly_member(
	
		file_type
		
	)

Summary

Make the specified type a polyinstantiation member directory.

Parameters

Parameter:	Description:
file_type	Type of the file to be used as a member directory.

files_poly_member_tmp(
	
		domain
		
			,
		
		file_type
		
	)

Summary

Make the domain use the specified type of polyinstantiated directory.

Parameters

Parameter:	Description:
domain	Domain using the polyinstantiated directory.
file_type	Type of the file to be used as a member directory.

files_poly_parent(
	
		file_type
		
	)

Summary

Make the specified type a parent of a polyinstantiated directory.

Parameters

Parameter:	Description:
file_type	Type of the file to be used as a parent directory.

files_polyinstantiate_all(
	
		domain
		
	)

Summary

Allow access to manage all polyinstantiated directories on the system.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_purge_tmp(
	
		domain
		
	)

Summary

Delete the contents of /tmp.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_all_blk_files(
	
		domain
		
	)

Summary

Read all block nodes with file types.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_all_chr_files(
	
		domain
		
	)

Summary

Read all character nodes with file types.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_all_dirs_except(
	
		domain
		
			,
		
		exception_types
		
	)

Summary

Read all directories on the filesystem, except the listed exceptions.

Parameters

Parameter:	Description:
domain	Domain allowed access.
exception_types	The types to be excluded. Each type or attribute must be negated by the caller.

files_read_all_files(
	
		domain
		
	)

Summary

Read all files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_all_files_except(
	
		domain
		
			,
		
		exception_types
		
	)

Summary

Read all files on the filesystem, except the listed exceptions.

Parameters

Parameter:	Description:
domain	Domain allowed access.
exception_types	The types to be excluded. Each type or attribute must be negated by the caller.

files_read_all_locks(
	
		domain
		
	)

Summary

Read all lock files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_all_runtime_files(
	
		domain
		
	)

Summary

Read all runtime files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_all_symlinks(
	
		domain
		
	)

Summary

Read all symbolic links.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_all_symlinks_except(
	
		domain
		
			,
		
		exception_types
		
	)

Summary

Read all symbolic links on the filesystem, except the listed exceptions.

Parameters

Parameter:	Description:
domain	Domain allowed access.
exception_types	The types to be excluded. Each type or attribute must be negated by the caller.

files_read_all_tmp_files(
	
		domain
		
	)

Summary

Read all tmp files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_boot_files(
	
		domain
		
	)

Summary

read files in the /boot directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_boot_symlinks(
	
		domain
		
	)

Summary

Read symbolic links in the /boot directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_config_files(
	
		domain
		
	)

Summary

Read config files in /etc.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_default_files(
	
		domain
		
	)

Summary

Read files with the default file type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_default_pipes(
	
		domain
		
	)

Summary

Read named pipes with the default file type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_default_sockets(
	
		domain
		
	)

Summary

Read sockets with the default file type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_default_symlinks(
	
		domain
		
	)

Summary

Read symbolic links with the default file type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_etc_files(
	
		domain
		
	)

Summary

Read generic files in /etc.

Description

Allow the specified domain to read generic files in /etc. These files are typically general system configuration files that do not have more specific SELinux types. Some examples of these files are:

/etc/fstab

/etc/passwd

/etc/services

/etc/shells

This interface does not include access to /etc/shadow.

Generally, it is safe for many domains to have this access. However, since this interface provides access to the /etc/passwd file, caution must be exercised, as user account names can be leaked through this access.

Related interfaces:

auth_read_shadow()

files_read_etc_runtime_files()

seutil_read_config()

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_etc_runtime_files(
	
		domain
		
	)

Summary

Read files in /etc that are dynamically created on boot, such as mtab.

Description

Allow the specified domain to read dynamically created configuration files in /etc. These files are typically general system configuration files that do not have more specific SELinux types. Some examples of these files are:

/etc/motd

/etc/mtab

/etc/nologin

This interface does not include access to /etc/shadow.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_etc_symlinks(
	
		domain
		
	)

Summary

Read symbolic links in /etc.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_generic_spool(
	
		domain
		
	)

Summary

Read generic spool files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_generic_tmp_files(
	
		domain
		
	)

Summary

Read files in the tmp directory (/tmp).

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_generic_tmp_symlinks(
	
		domain
		
	)

Summary

Read symbolic links in the tmp directory (/tmp).

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_kernel_img(
	
		domain
		
	)

Summary

Read kernel files in the /boot directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_kernel_modules(
	
		domain
		
	)

Summary

Read kernel module files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_kernel_symbol_table(
	
		domain
		
	)

Summary

Read system.map in the /boot directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_mnt_files(
	
		domain
		
	)

Summary

read files in /mnt.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_mnt_symlinks(
	
		domain
		
	)

Summary

Read symbolic links in /mnt.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_non_auth_files(
	
		domain
		
	)

Summary

Read all non-authentication related files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_non_auth_symlinks(
	
		domain
		
	)

Summary

Read all non-authentication related symbolic links.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_non_security_files(
	
		domain
		
	)

Summary

Read all non-security files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_runtime_files(
	
		domain
		
	)

Summary

Read generic runtime files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_usr_files(
	
		domain
		
	)

Summary

Read generic files in /usr.

Description

Allow the specified domain to read generic files in /usr. These files are various program files that do not have more specific SELinux types. Some examples of these files are:

/usr/include/*

/usr/share/doc/*

/usr/share/info/*

Generally, it is safe for many domains to have this access.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_usr_src_files(
	
		domain
		
	)

Summary

Read files in /usr/src.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_usr_symlinks(
	
		domain
		
	)

Summary

Read symbolic links in /usr.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_var_files(
	
		domain
		
	)

Summary

Read files in the /var directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_var_lib_files(
	
		domain
		
	)

Summary

Read generic files in /var/lib.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_var_lib_symlinks(
	
		domain
		
	)

Summary

Read generic symbolic links in /var/lib

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_var_symlinks(
	
		domain
		
	)

Summary

Read symbolic links in the /var directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_world_readable_files(
	
		domain
		
	)

Summary

Read world-readable files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_world_readable_pipes(
	
		domain
		
	)

Summary

Read world-readable named pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_world_readable_sockets(
	
		domain
		
	)

Summary

Read world-readable sockets.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_read_world_readable_symlinks(
	
		domain
		
	)

Summary

Read world-readable symbolic links.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabel_all_file_type_fs(
	
		domain
		
	)

Summary

Relabel a filesystem to and from the type of a file.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabel_all_files(
	
		domain
		
			,
		
		exception_types
		
	)

Summary

Relabel all files on the filesystem, except the listed exceptions.

Parameters

Parameter:	Description:
domain	Domain allowed access.
exception_types	The types to be excluded. Each type or attribute must be negated by the caller.

files_relabel_all_lock_dirs(
	
		domain
		
	)

Summary

Relabel to and from all lock directory types.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabel_all_locks(
	
		domain
		
	)

Summary

Relabel from/to all lock files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabel_all_runtime_dirs(
	
		domain
		
	)

Summary

Relabel all runtime directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabel_all_runtime_files(
	
		domain
		
	)

Summary

Relabel all runtime files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabel_all_runtime_sockets(
	
		domain
		
	)

Summary

Relabel all runtime named sockets.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabel_all_runtime_symlinks(
	
		domain
		
	)

Summary

Relabel all runtime symbolic links.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabel_all_tmp_dirs(
	
		domain
		
	)

Summary

Relabel to and from all temporary directory types.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabel_all_tmp_files(
	
		domain
		
	)

Summary

Relabel to and from all temporary file types.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabel_config_dirs(
	
		domain
		
	)

Summary

Relabel configuration directories

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabel_config_files(
	
		domain
		
	)

Summary

Relabel configuration files

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabel_etc_files(
	
		domain
		
	)

Summary

Relabel from and to generic files in /etc.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabel_generic_tmp_dirs(
	
		domain
		
	)

Summary

Relabel temporary directories in /tmp.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabel_kernel_modules(
	
		domain
		
	)

Summary

Relabel from and to kernel module files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabel_non_auth_files(
	
		domain
		
	)

Summary

Relabel all non-authentication related files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabel_non_security_dirs(
	
		domain
		
	)

Summary

Relabel from/to non-security directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabel_non_security_files(
	
		domain
		
	)

Summary

Relabel from/to all non-security files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabel_rootfs(
	
		domain
		
	)

Summary

Relabel to and from rootfs file system.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabel_var_dirs(
	
		domain
		
	)

Summary

relabelto/from var directories

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabel_var_lib_dirs(
	
		domain
		
	)

Summary

relabel var_lib_t dirs

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabelfrom_boot_files(
	
		domain
		
	)

Summary

Relabel from files in the /boot directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabelfrom_home(
	
		domain
		
	)

Summary

Relabel from user home root (/home).

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabelfrom_usr_files(
	
		domain
		
	)

Summary

Relabel a file from the type used in /usr.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabelto_all_file_type_fs(
	
		domain
		
	)

Summary

Relabel a filesystem to the type of a file.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabelto_etc_dirs(
	
		domain
		
	)

Summary

Relabel directories to etc_t.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabelto_etc_runtime_dirs(
	
		domain
		
	)

Summary

Relabel to etc_runtime_t dirs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabelto_etc_runtime_files(
	
		domain
		
	)

Summary

Relabel to etc_runtime_t files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabelto_home(
	
		domain
		
	)

Summary

Relabel to user home root (/home).

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_relabelto_usr_files(
	
		domain
		
	)

Summary

Relabel a file to the type used in /usr.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_remount_boot(
	
		domain
		
	)

Summary

Remount a filesystem mounted on /boot.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_remount_etc(
	
		domain
		
	)

Summary

Remount etc filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_root_filetrans(
	
		domain
		
			,
		
		private type
		
			,
		
		object
		
			,
		
		name
		
	)

Summary

Create an object in the root directory, with a private type using a type transition.

Parameters

Parameter:	Description:
domain	Domain allowed access.
private type	The type of the object to be created.
object	The object class of the object being created.
name	The name of the object being created.

files_runtime_file(
	
		type
		
	)

Summary

Make the specified type usable for runtime process ID files.

Description

Make the specified type usable for runtime process ID files, typically found in /var/run. This will also make the type usable for files, making calls to files_type() redundant. Failure to use this interface for a PID file type may result in problems with starting or stopping services.

Related interfaces:

files_runtime_filetrans()

Example usage with a domain that can create and write its PID file with a private PID file type in the /var/run directory:

type mypidfile_t; files_runtime_file(mypidfile_t) allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms }; files_runtime_filetrans(mydomain_t, mypidfile_t, file)

Parameters

Parameter:	Description:
type	Type to be used for PID files.

files_runtime_filetrans(
	
		domain
		
			,
		
		private type
		
			,
		
		object
		
			,
		
		name
		
	)

Summary

Create an object in the /run directory, with a private type.

Description

Create an object in the process ID directory (e.g., /var/run) with a private type. Typically this is used for creating private PID files in /var/run with the private type instead of the general PID file type. To accomplish this goal, either the program must be SELinux-aware, or use this interface.

Related interfaces:

files_runtime_file()

Example usage with a domain that can create and write its PID file with a private PID file type in the /var/run directory:

type mypidfile_t; files_runtime_file(mypidfile_t) allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms }; files_runtime_filetrans(mydomain_t, mypidfile_t, file)

Parameters

Parameter:	Description:
domain	Domain allowed access.
private type	The type of the object to be created.
object	The object class of the object being created.
name	The name of the object being created.

files_runtime_filetrans_lock_dir(
	
		domain
		
			,
		
		name
		
	)

Summary

Create a generic lock directory within the run directories.

Parameters

Parameter:	Description:
domain	Domain allowed access
name	The name of the object being created.

files_rw_all_files(
	
		domain
		
			,
		
		exception_types
		
	)

Summary

rw all files on the filesystem, except the listed exceptions.

Parameters

Parameter:	Description:
domain	Domain allowed access.
exception_types	The types to be excluded. Each type or attribute must be negated by the caller.

files_rw_boot_symlinks(
	
		domain
		
	)

Summary

Read and write symbolic links in the /boot directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_rw_etc_dirs(
	
		domain
		
	)

Summary

Add and remove entries from /etc directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_rw_etc_files(
	
		domain
		
	)

Summary

Read and write generic files in /etc.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_rw_etc_runtime_files(
	
		domain
		
	)

Summary

Read and write files in /etc that are dynamically created on boot, such as mtab.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_rw_generic_tmp_sockets(
	
		domain
		
	)

Summary

Read and write generic named sockets in the tmp directory (/tmp).

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_rw_lock_dirs(
	
		domain
		
	)

Summary

Add and remove entries in the /var/lock directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_rw_non_auth_files(
	
		domain
		
	)

Summary

rw non-authentication related files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_rw_runtime_files(
	
		domain
		
	)

Summary

Read and write generic runtime files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_rw_usr_dirs(
	
		domain
		
	)

Summary

Add and remove entries from /usr directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_rw_var_files(
	
		domain
		
	)

Summary

Read and write files in the /var directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_rw_var_lib_dirs(
	
		domain
		
	)

Summary

Read-write /var/lib directories

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_search_all(
	
		domain
		
	)

Summary

Search the contents of all directories on extended attribute filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_search_all_mountpoints(
	
		domain
		
	)

Summary

Search all mount points.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_search_boot(
	
		domain
		
	)

Summary

Search the /boot directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_search_default(
	
		domain
		
	)

Summary

Search the contents of directories with the default file type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_search_etc(
	
		domain
		
	)

Summary

Search the contents of /etc directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_search_home(
	
		domain
		
	)

Summary

Search home directories root (/home).

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_search_kernel_modules(
	
		domain
		
	)

Summary

Search the contents of the kernel module directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_search_locks(
	
		domain
		
	)

Summary

Search the locks directory (/var/lock).

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_search_mnt(
	
		domain
		
	)

Summary

Search the contents of /mnt.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_search_runtime(
	
		domain
		
	)

Summary

Search the contents of runtime process ID directories (/var/run).

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_search_spool(
	
		domain
		
	)

Summary

Search the contents of generic spool directories (/var/spool).

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_search_src(
	
		domain
		
	)

Summary

Search directories in /usr/src.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_search_tmp(
	
		domain
		
	)

Summary

Search the tmp directory (/tmp).

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_search_usr(
	
		domain
		
	)

Summary

Search the content of /usr.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_search_var(
	
		domain
		
	)

Summary

Search the contents of /var.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_search_var_lib(
	
		domain
		
	)

Summary

Search the /var/lib directory.

Description

Search the /var/lib directory. This is necessary to access files or directories under /var/lib that have a private type. For example, a domain accessing a private library file in the /var/lib directory:

allow mydomain_t mylibfile_t:file read_file_perms; files_search_var_lib(mydomain_t)

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_security_file(
	
		file_type
		
	)

Summary

Make the specified type a file that should not be dontaudited from browsing from user domains.

Parameters

Parameter:	Description:
file_type	Type of the file to be used as a member directory.

files_security_mountpoint(
	
		type
		
	)

Summary

Make the specified type usable for security file filesystem mount points.

Parameters

Parameter:	Description:
type	Type to be used for mount points.

files_setattr_all_mountpoints(
	
		domain
		
	)

Summary

Set the attributes of all mount points.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_setattr_all_tmp_dirs(
	
		domain
		
	)

Summary

Set the attributes of all tmp directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_setattr_etc_dirs(
	
		domain
		
	)

Summary

Set the attributes of the /etc directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_setattr_lock_dirs(
	
		domain
		
	)

Summary

Set the attributes of the generic lock directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_setattr_runtime_dirs(
	
		domain
		
	)

Summary

Set the attributes of the /var/run directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_setattr_usr_dirs(
	
		domain
		
	)

Summary

Set the attributes of the /usr directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_spool_filetrans(
	
		domain
		
			,
		
		file_type
		
			,
		
		class
		
			,
		
		name
		
	)

Summary

Create objects in the spool directory with a private type with a type transition.

Parameters

Parameter:	Description:
domain	Domain allowed access.
file_type	Type to which the created node will be transitioned.
class	Object class(es) (single or set including {}) for which this the transition will occur.
name	The name of the object being created.

files_start_etc_service(
	
		domain
		
	)

Summary

start etc_t service

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_stop_etc_service(
	
		domain
		
	)

Summary

stop etc_t service

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_tmp_file(
	
		file_type
		
	)

Summary

Make the specified type a file used for temporary files.

Description

Make the specified type usable for temporary files. This will also make the type usable for files, making calls to files_type() redundant. Failure to use this interface for a temporary file may result in problems with purging temporary files.

Related interfaces:

files_tmp_filetrans()

Example usage with a domain that can create and write its temporary file in the system temporary file directories (/tmp or /var/tmp):

type mytmpfile_t; files_tmp_file(mytmpfile_t) allow mydomain_t mytmpfile_t:file { create_file_perms write_file_perms }; files_tmp_filetrans(mydomain_t, mytmpfile_t, file)

Parameters

Parameter:	Description:
file_type	Type of the file to be used as a temporary file.

files_tmp_filetrans(
	
		domain
		
			,
		
		private type
		
			,
		
		object
		
			,
		
		name
		
	)

Summary

Create an object in the tmp directories, with a private type using a type transition.

Parameters

Parameter:	Description:
domain	Domain allowed access.
private type	The type of the object to be created.
object	The object class of the object being created.
name	The name of the object being created.

files_tmpfs_file(
	
		type
		
	)

Summary

Transform the type into a file, for use on a virtual memory filesystem (tmpfs).

Parameters

Parameter:	Description:
type	The type to be transformed.

files_type(
	
		type
		
	)

Summary

Make the specified type usable for files in a filesystem.

Description

Make the specified type usable for files in a filesystem. Types used for files that do not use this interface, or an interface that calls this one, will have unexpected behaviors while the system is running. If the type is used for device nodes (character or block files), then the dev_node() interface is more appropriate.

Related interfaces:

application_domain()

application_executable_file()

corecmd_executable_file()

init_daemon_domain()

init_domaion()

init_ranged_daemon_domain()

init_ranged_domain()

init_ranged_system_domain()

init_script_file()

init_script_domain()

init_system_domain()

files_config_files()

files_lock_file()

files_mountpoint()

files_runtime_file()

files_security_file()

files_security_mountpoint()

files_tmp_file()

files_tmpfs_file()

logging_log_file()

userdom_user_home_content()

Example:

type myfile_t; files_type(myfile_t) allow mydomain_t myfile_t:file read_file_perms;

Parameters

Parameter:	Description:
type	Type to be used for files.

files_unconfined(
	
		domain
		
	)

Summary

Unconfined access to files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_unmount_all_file_type_fs(
	
		domain
		
	)

Summary

Unmount all filesystems with the type of a file.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_unmount_rootfs(
	
		domain
		
	)

Summary

Unmount a rootfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_usr_filetrans(
	
		domain
		
			,
		
		file_type
		
			,
		
		object_class
		
			,
		
		name
		
	)

Summary

Create objects in the /usr directory

Parameters

Parameter:	Description:
domain	Domain allowed access.
file_type	The type of the object to be created
object_class	The object class.
name	The name of the object being created.

files_var_filetrans(
	
		domain
		
			,
		
		file_type
		
			,
		
		object_class
		
			,
		
		name
		
	)

Summary

Create objects in the /var directory

Parameters

Parameter:	Description:
domain	Domain allowed access.
file_type	The type of the object to be created
object_class	The object class.
name	The name of the object being created.

files_var_lib_filetrans(
	
		domain
		
			,
		
		file_type
		
			,
		
		object_class
		
			,
		
		name
		
	)

Summary

Create objects in the /var/lib directory

Parameters

Parameter:	Description:
domain	Domain allowed access.
file_type	The type of the object to be created
object_class	The object class.
name	The name of the object being created.

files_watch_all_file_type_dir(
	
		domain
		
	)

Summary

watch all directories of file_type

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_watch_all_mount_perm(
	
		domain
		
	)

Summary

Watch all mountpoints.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_watch_all_mountpoints(
	
		domain
		
	)

Summary

Watch all mountpoints.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_watch_etc_dirs(
	
		domain
		
	)

Summary

Watch /etc directories

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_watch_etc_files(
	
		domain
		
	)

Summary

Watch /etc files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_watch_etc_symlinks(
	
		domain
		
	)

Summary

Watch /etc symlinks

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_watch_home(
	
		domain
		
	)

Summary

Watch the user home root (/home).

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_watch_root_dirs(
	
		domain
		
	)

Summary

Watch the root directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_watch_runtime_dirs(
	
		domain
		
	)

Summary

Watch /var/run directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_watch_usr_dirs(
	
		domain
		
	)

Summary

Watch generic directories in /usr.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_write_all_mountpoints(
	
		domain
		
	)

Summary

Check if all mountpoints are writable.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_write_kernel_modules(
	
		domain
		
	)

Summary

Write kernel module files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_write_non_security_dirs(
	
		domain
		
	)

Summary

Allow attempts to modify any directory

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_write_non_security_files(
	
		domain
		
	)

Summary

Write all non-security files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_write_runtime_pipes(
	
		domain
		
	)

Summary

Write named generic runtime pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

files_write_var_dirs(
	
		domain
		
	)

Summary

Allow attempts to write to /var.dirs

Parameters

Parameter:	Description:
domain	Domain allowed access.

Return